Description

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1881637

https://github.com/amqphub/amqp-10-resource-adapter/issues/13

https://security.netapp.com/advisory/ntap-20201210-0001/

Related Vulnerabilities

CVE-2019-1003056 Vulnerability in maven package org.jenkins-ci.plugins:websphere-deployer

CVE-2023-34040 Vulnerability in maven package org.springframework.kafka:spring-kafka

CVE-2023-28155 Vulnerability in npm package request

CVE-2023-44400 Vulnerability in npm package uptime-kuma

CVE-2022-24815 Vulnerability in npm package generator-jhipster

Severity

Medium

Classification

CWE-532 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory